[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: potential DoS of tcplogd in package iplogger

At 09:37 PM 11/11/99 +0100, Ralf Nyren wrote:


I don't if this is already known but I thought it might be worth a notice.

In package iplogger there is a daemon, tcplogd, which logs incoming
tcp-connection attempts to syslog.
 It seems that this daemon forks a child for every connection discovered and
if for example the machine running tcplogd is syn-flooded there will be a
lot of tcplogd's forked.
 The tcplogd processes will die of by time but during the attack the machine
will be more or less inaccessable.

iplogger 1.1-4
no syn-cookies support in kernel (2.2.12)

Do you mean that you didn't -compile- it in the kernel???
(I'm not sure there is an option or not....)
Or that you didn't enable it (root# sysctl -w net/ipv4/tcp_syncookies=1) ???



Please Cc any answer to me since I have not subscribed to this list.

/Ralf Nyrén

To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to: